GitHub has announced a series of critical security updates addressing three vulnerabilities impacting its Enterprise Server (GHES) product. Among these, one flaw is particularly severe and could potentially allow unauthorized users to obtain site administrator privileges.
The vulnerability, designated as CVE-2024-6800, has been rated with a CVSS score of 9.5, indicating its critical severity. GitHub clarified in a recent advisory that the issue affects instances of GitHub Enterprise Server utilizing SAML single sign-on (SSO) with specific identity providers. Attackers could exploit this flaw by crafting a malicious SAML response, granting them access to user accounts with administrative privileges.
In addition to this critical flaw, GitHub has resolved two medium-severity vulnerabilities. The first, CVE-2024-7711, involves an incorrect authorization issue that may enable an attacker to modify the title, assignees, and labels of issues within public repositories. The second, CVE-2024-6337, also related to authorization, could allow an attacker to retrieve contents from a private repository via a GitHub App, even if the app only has limited permissions specific to content reading and pull requests writing.
All three vulnerabilities have been patched in the latest GHES versions—3.13.3, 3.12.8, 3.11.14, and 3.10.16. GitHub’s response highlights the importance of timely updates, particularly for organizations using self-hosted versions of the software who face significant risks if they do not upgrade to the latest release.
In a previous incident in May, GitHub addressed another major security vulnerability (CVE-2024-4985) with a critical CVSS score of 10.0, which could allow unauthorized access to GHES instances without prior authentication. This serves as a reminder of the ongoing vulnerabilities within the platform and the necessity for vigilant security practices.
Organizations running outdated versions of GHES are urged to implement these updates immediately to mitigate potential security threats. Ensuring systems are current is vital for defending against malicious activities that exploit such vulnerabilities.
Regarding the potential methodologies involved in these attacks, the MITRE ATT&CK framework can provide insight. The tactics of initial access and privilege escalation are particularly relevant in this context, as attackers leverage SAML vulnerabilities to gain elevated privileges and access sensitive resources. Organizations should consider these factors and evaluate their security postures against such risks to ensure robust defenses.
